Adi Hayon Tomer Teller

Transcription

1 Adi Hayon Tomer Teller

2 Why are we here? (one of many reasons)
A malicious program:
- Allocates memory in a remote process (and writes to it)
- Executes the code in that memory region
- Frees the code
Memory dump taken at the end of execution
No malicious artifacts found in post-mortem analysis

6 Dynamic Analysis Challenges
- What you see is what you get
- Subverting API functions is easy. APIs lie.
  - Calling undocumented/native functions
  - Custom WinAPI function implementations
Reminder: evading dynamic analysis is out of scope

10 Memory Dump Timing Challenge
- Post-mortem memory dumps (taken after the program terminates) risk missing the action
- Malicious artifacts may appear and disappear intermittently
Example:
- Memory region is allocated with RWE permissions
- Code is written to that region and executed
- Malware unloads itself
- Detecting the additional code at the end will fail
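An added example, not from the talk, of the timing problem this slide describes, written from the analyst's side: a scanner that reads memory-map snapshots and flags regions that are readable, writable and executable at once, then shows that only a snapshot taken while the region is mapped can observe it. It uses the Linux /proc/<pid>/maps format as a concrete stand-in for the Windows case on the slides, and the snapshots are constructed sample text, not real captures.

```python
"""Transient-RWX detection over memory-map snapshots (added example)."""
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")


def rwx_regions(maps_text):
    """Return (start, end, path) for every mapping that is r, w and x at
    once. Normal code is r-x and data is rw-; an anonymous rwx region is
    the 'RWE allocation' pattern the slide describes."""
    found = []
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m:
            continue
        start, end, perms, path = m.groups()
        if perms[:3] == "rwx":
            found.append((int(start, 16), int(end, 16), path or "[anon]"))
    return found


def scan_timeline(snapshots):
    """Run the scanner over (label, maps_text) snapshots taken at different
    points in the process's life and return the labels where an RWX region
    was visible. A dump taken only post-mortem never sees it."""
    return [label for label, text in snapshots if rwx_regions(text)]


def live_rwx(pid="self"):
    """Scan a real process on Linux; returns [] where /proc is unavailable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            return rwx_regions(f.read())
    except OSError:
        return []


# Constructed snapshots: before the allocation, while the RWX region is
# live, and after the program freed it (the post-mortem view).
BEFORE = """55d1c0000000-55d1c0001000 r-xp 00000000 08:01 1234 /usr/bin/sample
55d1c0001000-55d1c0002000 rw-p 00001000 08:01 1234 /usr/bin/sample
"""
DURING = BEFORE + "7f3a40000000-7f3a40001000 rwxp 00000000 00:00 0\n"
AFTER = BEFORE  # region already unmapped: nothing left to find

SNAPSHOTS = [("before", BEFORE), ("during", DURING), ("post-mortem", AFTER)]

if __name__ == "__main__":
    print("RWX region visible at:", scan_timeline(SNAPSHOTS))  # ['during']
```

Hooking snapshots to events such as an allocation with executable permissions, rather than to process exit, is what lets the scanner land in the "during" window.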
